Description
Security update for subversion
subversion was updated to fix two security issues.
These security issues were fixed:
- CVE-2015-3187: Information leak of paths (only paths) that were hidden by path-based authz (bsc#939517).
- CVE-2015-3184: Information leak in mixed anonymous/authenticated httpd (dav) configurations (bsc#939514).
Package list
SUSE Linux Enterprise Software Development Kit 12
libsvn_auth_gnome_keyring-1-0-1.8.10-15.1
libsvn_auth_kwallet-1-0-1.8.10-15.1
subversion-1.8.10-15.1
subversion-bash-completion-1.8.10-15.1
subversion-devel-1.8.10-15.1
subversion-perl-1.8.10-15.1
subversion-python-1.8.10-15.1
subversion-server-1.8.10-15.1
subversion-tools-1.8.10-15.1
References
- Link for SUSE-SU-2015:1473-1
- E-Mail link for SUSE-SU-2015:1473-1
- SUSE Security Ratings
- SUSE Bug 939514
- SUSE Bug 939517
- SUSE CVE CVE-2015-3184 page
- SUSE CVE CVE-2015-3187 page
Description
mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name.
Affected products
SUSE Linux Enterprise Software Development Kit 12:libsvn_auth_gnome_keyring-1-0-1.8.10-15.1
SUSE Linux Enterprise Software Development Kit 12:libsvn_auth_kwallet-1-0-1.8.10-15.1
SUSE Linux Enterprise Software Development Kit 12:subversion-1.8.10-15.1
SUSE Linux Enterprise Software Development Kit 12:subversion-bash-completion-1.8.10-15.1
References
- CVE-2015-3184
- SUSE Bug 938723
- SUSE Bug 939514
- SUSE Bug 939516
Description
The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.
Affected products
SUSE Linux Enterprise Software Development Kit 12:libsvn_auth_gnome_keyring-1-0-1.8.10-15.1
SUSE Linux Enterprise Software Development Kit 12:libsvn_auth_kwallet-1-0-1.8.10-15.1
SUSE Linux Enterprise Software Development Kit 12:subversion-1.8.10-15.1
SUSE Linux Enterprise Software Development Kit 12:subversion-bash-completion-1.8.10-15.1
References
- CVE-2015-3187
- SUSE Bug 939517